RE: authorize and authenticate zookeeper nodes

Thu, 18 Sep 2014 22:28:50 -0700 

Hi Sucheta,

Yes its possible to do by setting the ACLs and the authentication schemes(IP, 
Digest, Sasl schemes) available in ZK. 

>>>>1) Zookeeper znode should be accessed by selected ip addresses only.
>>>>2) Zookeeper znode should be accessed by selected users only.

Let me try to brief the ACLs through the examples.

IP Example:
                    ArrayList<ACL> testACL = new ArrayList<ACL>();
                testACL.add(new ACL(Perms.ADMIN, new Id("ip", "127.0.0.1")));
                zk.create("/acltest", new byte[0], testACL, 
CreateMode.PERSISTENT);
                zk.getACL("/acltest", new Stat());

User Example:
           
                zk1 = // create zk client
            zk1.addAuthInfo("digest", "ben:passwd".getBytes());
            zk1.create("/acltest", new byte[0], Ids.CREATOR_ALL_ACL, 
CreateMode.PERSISTENT);
            
            zk2 = // create another client
            zk2.addAuthInfo("digest", "ben:passwd2".getBytes()); 
                zk2.getData("/acltest", false, new Stat()); // Accessing this 
will throw Auth exceptions.

Sasl Example: Refer org.apache.zookeeper.test.SaslAuthTest.java

Also, please see my below mail thread about the Wiki pages (replied on 
yesterday).

-Rakesh
-----Original Message-----
From: Rakesh R 
Sent: 18 September 2014 10:29
To: '[email protected]'; [email protected]
Subject: RE: authorize and authenticate zookeeper nodes


Yes, there are different authentication schemes available in ZooKeeper and is 
pluggable. Based on the usecase one can choose it.

Please see the wiki page to get more details:
https://cwiki.apache.org/confluence/display/ZOOKEEPER/Zookeeper+and+SASL

-Rakesh

-----Original Message-----
From: Sucheta [mailto:[email protected]] 
Sent: 18 September 2014 08:38
To: [email protected]
Subject: authorize and authenticate zookeeper nodes

Hi,

I want to authorize and authenticate zookeeper nodes so that:-

1) Zookeeper znode should be accessed by selected ip addresses only.
2) Zookeeper znode should be accessed by selected users only.

Please let me know how to do this. Can we use openAM for this?



--
View this message in context: 
http://zookeeper-user.578899.n2.nabble.com/authorize-and-authenticate-zookeeper-nodes-tp7580303.html
Sent from the zookeeper-user mailing list archive at Nabble.com.

Reply via email to